1. Introduction

This Privacy Policy explains how Maik Gossen ("we", "us", or "our"), the provider of the EasyWiderruf Shopify app ("App"), collects, uses, stores, and protects personal data in connection with the App.

EasyWiderruf helps Shopify merchants manage consumer withdrawal requests in compliance with EU consumer protection law. In doing so, we process personal data on behalf of merchants and, to a limited extent, for our own purposes.

Data Controller vs. Data Processor: For withdrawal data submitted by end customers, the merchant is the Data Controller and we act as Data Processor under Art. 28 GDPR. For data we collect about merchants themselves (e.g. account and billing data), we are the Data Controller.

2. Data We Collect

2.1 Merchant Data (we are Data Controller)

When a merchant installs the App, Shopify shares certain information with us:

2.2 End Customer Data (we are Data Processor)

When end customers submit a withdrawal through the App, the following data is collected:

We also process the following technical data transiently:

2.3 Data We Do Not Collect

We do not collect or store: payment information, credit card numbers, social security numbers, health data, or any special categories of personal data as defined in Art. 9 GDPR.

3. How We Use Data

We use the collected data for the following purposes:

We process personal data based on the following legal grounds under the GDPR:

5. Data Storage and Location

All primary data processing takes place within the European Union.

EU Hosting: Both database and application server are located in Frankfurt, Germany. The email service operates from France (EU). No transfer to third countries occurs for primary data processing.

6. Data Retention

We retain data according to the following schedule:

7. Sub-Processors

We use the following third-party service providers to operate the App:

For details on sub-processors and data transfer safeguards, see our Data Processing Agreement (DPA).

8. Data Sharing

We do not sell, rent, or trade personal data to third parties. We only share data with the sub-processors listed above, solely for the purpose of operating the App. We may also disclose data if required by law or valid legal process.

9. Cookies and Tracking

The EasyWiderruf App itself does not set any cookies on end customers' browsers. The withdrawal form (served via Shopify App Proxy) operates within the Shopify storefront environment and does not use its own tracking or analytics cookies.

The EasyWiderruf landing page (widerruf.app) is a static site hosted on GitHub Pages and does not use cookies or tracking scripts.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

For the complete list of technical and organizational measures, see Annex 1 of our DPA.

11. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

For merchants: You can exercise these rights by contacting us at info@dd-gossen.com. You can also export or delete your data directly in the App dashboard.

For end customers: Since we process your data on behalf of the merchant, please contact the merchant (the online store where you submitted your withdrawal) first. The merchant can view, export, and delete your data through the App dashboard. If needed, you can also reach us directly.

12. Children's Privacy

EasyWiderruf is a B2B service for Shopify merchants. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected data from a child, we will delete it promptly.

13. International Data Transfers

Our primary data processing takes place in the EU (Germany and Ireland). Where sub-processors operate outside the EU/EEA (e.g., Shopify in Canada), we ensure an adequate level of data protection through adequacy decisions by the European Commission, Standard Contractual Clauses (SCCs), or certification under the EU-US Data Privacy Framework.

For full details, see our Data Processing Agreement.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify merchants of material changes via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Contact

If you have questions about this Privacy Policy or want to exercise your data protection rights, please contact us:

Maik Gossen
Sole Proprietor
Emanuel-Geibel-Straße 3
65185 Wiesbaden, Germany
Email: info@dd-gossen.com
Web: widerruf.app

Questions about privacy?

We are happy to answer any questions about how we handle your data.

Get in touch

This privacy policy is governed by German law. For specific legal questions, please consult a lawyer. Last updated: June 2026.